Tor - The Onion Router

Posts about the non-technical aspects of Tor's hidden services – such as individual .onion sites and their content – belong in /r/onions. Posts concerning criminal marketplaces may be removed from /r/Tor.

News articles that do not mention Tor are usually off-topic; /r/Tor is not for general news about privacy or security.

I have to say I know almost nothing about computers, but I appreciate the badassness of TOR. I can't figure something out, and it is probably a simple question for you- how does TOR protect you from being found by ISP? I understand it launders your IP address, but can't your ISP still direct the feds to you?

how does TOR protect you from being found by ISP? I understand it launders your IP address, but can't your ISP still direct the feds to you?

No. Well, yes, but that is a complicated answer, and if you are not familiar with how networking works, it is probably best we keep this simple. Tor encrypts your data client side, so you are already protected from your ISP spying on what you do, but they will know most likely that you are using Tor. This is not an issue, because the Tor is an "onion" network. This means that your data stream is sent, encrypted, to a node. This node strips off a layer of encryption(remember the onion metaphor?) and passes it along to the next node. This second node does the same thing, but the magic has now happened. The second node has this data that came from the first node, but it doesn't know what the data is, because it is still encrypted, and it doesn't know where the first node got the data from. So, it passes it along to the third node. Unless otherwise specified, this third node is the exit node, so it strips off the last of the encryption and passes the data along to whatever service on the internet it was destined for.

So can you see the implications? If someone wanted to trace you back from your web activity, they would have to have been, at the time of your web browsing, in control of all 3 of the nodes that you randomly picked on your client side(Nodes have no influence over how your nodes are picked) to be able to trace the traffic back. This is one of those things that is just more or less considered impossible.

Tor really has nothing to do with your ISP, because unless you are using something like the Obfsproxy browser bundle, your ISP can see you are using Tor. They cannot, however, see what you are doing or what websites you are visiting. Sure, your ISP can direct the feds to you, but under what suspicion? Using Tor is not a crime, the ISP would have no evidence against you, and there are some 500,000 unique users of Tor every day(not necessarily all in the US), and many people use it to maintain privacy, not to use it in unlawful ways.

Thank you. This is along the lines of what i thought happend. I was suggesting Tor to some people and someone called me out, and said the ISP could still get you. I don't know enough about it and couldn't really respond. They claimed Tor uses really weak encryption, can you speak to that at all? Thanks again for keeping it simple.

I was suggesting Tor to some people and someone called me out, and said the ISP could still get you.

Like I said, the way the Tor network is set up ensures that nothing can be traced back to you. Of course, this is not 100% the case, someone could probably write an entire dissertation about the theoretical ways to defeat the Tor network, but the fact of the matter is that without the kind of resources that the NSA has, it is more or less impossible, and even if the NSA throws their weight behind it, it is questionable as to how effective the attacks could be, if at all. It would be easier for them to just get a warrant to put spyware on your computer.
So it doesn't really matter if you are into child pornography, or drugs, or you are a hacker or hitman, these things are not really enough to get the NSA to try and hunt you down, so for 99.9999999% of peoples needs, Tor 100% safe.

They claimed Tor uses really weak encryption, can you speak to that at all?

I would say that this is completely false. Tor uses AES256 encryption, which is considered the most secure encryption standard in the world, it meets the US DoD, NSA, CIA, etc, standards for the storage of extremely sensitive documents. This does bring up the question of backdoors in it, but it has been peer reviewed and studied enough that it is considered uncrackable by any method but bruteforce, which if you don't know what sort of passphrase they are using, is essentially pointless.

Now, there was something brought up a couple weeks ago about the encryption keys for Tor, which are stored and transmitted in RSA, being vulnerable to quantum computers. Whether this turns out to be true or not is something that we can only really speculate on because there is no practical evidence for or against the argument, but for the time being, and probably the next 5-10 years, RSA should also be considered safe.

So long story short, the encryption that Tor uses was created by the mathematical geniuses of our time, and has been peer reviewed by other mathematical geniuses, and should be considered the safest form of encryption out there.

It is certainly something that I think people should know, but I have been learning about this sort of stuff going on about 4 years now, so I am pretty well versed in a lot of things. The best place to start, in my opinion, is to just read or skim through documentation on stuff like Tor. When you come across something you don't know, look it up. Next thing you know, sure, you have only gotten through the first 4 pages of documentation, but you have been to 2 dozen different wikipedia articles and have learned a boat load. It is all about just spending the time to learn about it, the same way people learn about engines, or politics, or law, except in my opinion, learning how networking and privacy systems work is something critical to understanding what exactly different technology and legislation is capable of bringing to the table. Censorship and internet spying are becoming common, and it is important that more people understand exactly what the implications of all these systems is, otherwise you end up with a population that is just ignorant to everything and is perfectly happy to live in a repressive police state. You have taken a good step by asking questions here. Ask more if you have them, there are not a lot of bad or stupid questions when it comes to stuff like this.